rexyai / RestRserve

R web API framework for building high-performance microservices and app backends
https://restrserve.org

Questions about authentication #144

Closed hongooi73 closed 4 years ago

hongooi73 commented 4 years ago

Just had some questions after reading the Auth article.

For basic auth I'm not seeing where the backend distinguishes between the secure and unsecure endpoints. Here is the code:

library(RestRserve)

app = Application$new()

# One handler registered on two paths. The handler itself does no
# authentication; it only reads ?x= and returns its factorial.
factorial_handler = function(request, response) {
  x = request$get_param_query("x")
  x = as.integer(x)
  response$set_body(factorial(x))
}
app$add_get("/factorial", factorial_handler)
app$add_get("/secure/factorial", factorial_handler)

Is the "secure" in the endpoint path meaningful in some way? Otherwise, I don't see how the app knows to apply basic auth to one but not the other.

For bearer auth, it seems that you're just looking for an exact match between the presented tokens and a list of possibilities. Is it really that simple? Shouldn't there be a process of decoding and looking at the token contents?

library(RestRserve)

# Static list of accepted opaque tokens (constructed values from the Auth article).
allowed_tokens = c(
  "super_secure_token_1",
  "super_secure_token_2"
)

# FUN receives the string after "Bearer " in the Authorization header and
# must return TRUE (accept) or FALSE (reject). Here acceptance is a plain
# membership test; anything that errors is rejected.
auth_fun = function(token) {
  res = FALSE
  try({
    res = token %in% allowed_tokens
  }, silent = TRUE)
  return(res)
}
basic_auth_backend = AuthBackendBearer$new(FUN = auth_fun)

Also, similar to basic auth, I'm not seeing how the backend knows when to apply bearer auth.

hongooi73 commented 4 years ago

Ugh, I just noticed that you set the route in the middleware:

# The backend is applied only to the routes listed here; other routes stay open.
auth_mw = AuthMiddleware$new(
  auth_backend = basic_auth_backend,
  routes = "/secure/factorial",
  id = "auth_middleware"
)
# The middleware has no effect until it is registered with the application.
app$append_middleware(auth_mw)

So nvm about the 1st question. I'd still be interested to know more about how bearer auth is implemented though.
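As an added example (not code from this issue, the Auth article, or the RestRserve package itself), here is what a bearer backend looks like when FUN does more than list membership: it parses a self-issued token, verifies an HMAC-SHA256 signature before trusting any field in it, checks expiry, and only then returns TRUE. RestRserve only hands FUN the string after "Bearer " and expects TRUE or FALSE, so the token format, the signing key, the issue_token/verify_token helpers and the jsonlite/openssl dependencies are all assumptions made for the illustration. The routes argument of AuthMiddleware is what limits the check to /secure/factorial, and the status_for helper at the end uses Request$new and Application$process_request as documented by RestRserve to exercise the app without starting a server.

```r
# Added example, not code from the issue or from RestRserve.
# Assumptions: packages RestRserve, jsonlite and openssl are installed; the
# token format "<base64url(JSON claims)>.<base64url(HMAC-SHA256)>" and every
# helper below are constructed for illustration only.
library(RestRserve)
library(jsonlite)
library(openssl)

# Assumption: a real deployment loads this from a secret store, not source.
signing_key = charToRaw("constructed-demo-secret-do-not-use")

b64url_encode = function(bytes) {
  s = openssl::base64_encode(bytes)
  s = gsub("+", "-", s, fixed = TRUE)
  s = gsub("/", "_", s, fixed = TRUE)
  gsub("=+$", "", s)
}

b64url_decode = function(s) {
  s = gsub("-", "+", s, fixed = TRUE)
  s = gsub("_", "/", s, fixed = TRUE)
  pad = (4 - nchar(s) %% 4) %% 4
  openssl::base64_decode(paste0(s, strrep("=", pad)))
}

hmac_sha256 = function(bytes) {
  as.raw(unclass(openssl::sha256(bytes, key = signing_key)))
}

# Compare two raw vectors without stopping at the first differing byte
# (best effort in R; the aim is not to leak where a forged signature differs).
ct_equal = function(a, b) {
  if (length(a) != length(b)) return(FALSE)
  sum(as.integer(xor(a, b))) == 0
}

# Issue a token for a subject that expires after ttl_seconds.
issue_token = function(sub, ttl_seconds = 3600) {
  claims = list(sub = sub, exp = floor(as.numeric(Sys.time())) + ttl_seconds)
  payload = charToRaw(as.character(jsonlite::toJSON(claims, auto_unbox = TRUE)))
  paste(b64url_encode(payload), b64url_encode(hmac_sha256(payload)), sep = ".")
}

check_token = function(token) {
  parts = strsplit(token, ".", fixed = TRUE)[[1]]
  if (length(parts) != 2) return(FALSE)
  payload = b64url_decode(parts[1])
  # Verify the signature before reading anything inside the payload.
  if (!ct_equal(b64url_decode(parts[2]), hmac_sha256(payload))) return(FALSE)
  claims = jsonlite::fromJSON(rawToChar(payload))
  if (!is.numeric(claims$exp) || as.numeric(Sys.time()) >= claims$exp) return(FALSE)
  is.character(claims$sub) && nzchar(claims$sub)
}

# The FUN handed to AuthBackendBearer: any parse or decode error is a rejection.
verify_token = function(token) {
  isTRUE(tryCatch(check_token(token), error = function(e) FALSE))
}

factorial_handler = function(request, response) {
  x = as.integer(request$get_param_query("x"))
  response$set_body(factorial(x))
}

app = Application$new()
app$add_get("/factorial", factorial_handler)
app$add_get("/secure/factorial", factorial_handler)

# Only the route listed in `routes` is guarded; "/factorial" stays open.
auth_mw = AuthMiddleware$new(
  auth_backend = AuthBackendBearer$new(FUN = verify_token),
  routes = "/secure/factorial",
  id = "bearer_auth"
)
app$append_middleware(auth_mw)

# Drive the app in-process and return the HTTP status for a path/token pair.
status_for = function(path, token = NULL) {
  headers = if (is.null(token)) list() else list(authorization = paste("Bearer", token))
  req = Request$new(path = path, method = "GET",
                    parameters_query = list(x = "5"), headers = headers)
  app$process_request(req)$status_code
}

status_for("/factorial")                                 # open route, no token needed
status_for("/secure/factorial")                          # guarded route, no token
status_for("/secure/factorial", issue_token("alice"))    # guarded route, valid token
status_for("/secure/factorial", "super_secure_token_1")  # opaque string, fails verify_token
status_for("/secure/factorial", issue_token("bob", -1))  # already expired
```

The design point is the order of checks in check_token: signature first, then expiry, then the claims the application actually needs. Decoding the payload before verifying it would let an attacker drive jsonlite with attacker-controlled input, and accepting a token on signature alone would make it valid forever.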

dselivanov commented 4 years ago

Please consider reading https://github.com/rexyai/RestRserve/blob/master/CONTRIBUTING.md before opening an issue here.

Asking Questions
  - chat on gitter
  - post a question on Stack Overflow using the [restrserve] tag